Microsoft’s bid to secure the IoT: custom Linux, chips, Azure

Microsoft has released details on Azure Sphere, their bid to make IoT devices secure by default:

First is a new class of microcontrollers (MCUs) that supports seven critical hardware features that Microsoft says are a necessary foundation to build secure systems. These include support for unforgeable encryption keys protected by hardware, the ability to update system software, and hardware-enforced compartmentalization between software components. Microsoft has some track record in building such systems, in particular with the Xbox, which is designed to have tamper-proof hardware that’s securely updatable.

[…]

Second is a new operating system: Azure Sphere OS. The company says this OS combines a custom Linux kernel with Windows-inspired security features, providing a secure platform that scales down to smaller systems than Windows can reach. Application code is run within containers to provide isolation, and Microsoft will have a custom security monitor running beneath the Linux kernel to protect system integrity and arbitrate access to critical resources.

The third part is Azure Sphere Security Service, a cloud service that will detect security issues (by recognizing failures and errors on devices), act as a source of software updates, and mediate secure communications between devices and to the cloud.

The Microsoft-made microcontroller designs will be available to manufacturers under royalty-free licenses.

Also notable is Microsoft’s own Linux distribution, a first for the company. They do have a custom Linux build they use in-house for Azure’s networking stack, but that one isn’t available outside the company.

9 Comments

First is a new class of microcontrollers (MCUs) that supports seven critical hardware features that Microsoft says are a necessary foundation to build secure systems. These include support for unforgeable encryption keys protected by hardware, the ability to update system software, and hardware-enforced compartmentalization between software components. Microsoft has some track record in building such systems, in particular with the Xbox, which is designed to have tamper-proof hardware that’s securely updatable.

There’s nothing wrong with security at face value; however, I am extremely wary of Microsoft’s definition of “secure”. Reading between the lines, I am highly concerned that this is Microsoft moving to push more restrictions on MCUs in order to gain control over owners.

Like in the case of the Xbox, most of those protections were put in place to lock owners out and limit their access to the hardware.